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DETAILED ACTION 



I. 



Claims 34-45 have been examined. 



II. 



Responses to Applicant's remarks have been given. 



Continued Examination Under 37 CFR 1. 1 14 



1 . A request for continued examination under 37 CFR 1.114, including the fee set 
forth in 37 CFR 1 .1 7(e), was filed in this application after final rejection. Since this 
application is eligible for continued examination under 37 CFR 1.114, and the fee set 
forth in 37 CFR 1 .17(e) has been timely paid, the finality of the previous Office action 
has been withdrawn pursuant to 37 CFR 1.114. Applicant's submission filed on 
12/04/09 has been entered. 



2. Applicant's arguments with respect to the newly-added claim language of "said 
judging being performed solely by said controller of said portable recording medium" 
within independent claims 34, 37, 42 and 45 have been considered but are moot in view 
of the new ground(s) of rejection set forth below; as have the Applicant's arguments 
pertaining to Eldridge and Arthan failing to disclose this feature. 

3. Regarding the Applicant's arguments pertaining to the claim language of "a 
portable recording medium that comprises a controller for inputting from said 
communication terminal device the signed data set", the Examiner asserts that the 
"portable medium" of Eldridge performs this procedure via, but not limited to, column 1 , 
lines 66-67 and column 2, lines 1-8, "a portable medium useful of authenticating to a 
computer system. The medium interfaces with the computer system and contains 



Response to Arguments 
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thereon data associated both with a current password and noncurrent passwords. 
Authorization data associated with the client process and previously stored on the 
computer system is compared with the data stored on the medium". 
4. Further, regarding the Applicant's arguments pertaining to the claim language of 
"using the public key and the signed data set, whether the signed data set is signed by 
the external communication terminal device", the Examiner upholds that Eldridge 
discloses this feature via, but not limited to, column 5, lines 51-55, "the key identifier 
may refer to any information which upon presentation to the client process enables the 
client process to determine if the appropriate key is contained within ID file 300 or 
medium 600 and 620", column 6, lines 27-32, "a hash or message digest, is derived 
from public key component 308B", column 8, lines 63-67, "a portable medium containing 
a subset of the data contained in the client ID file 300" and column 9, lines 1 -5. 

Claim Rejections - 35 USC § 103 
The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 1 02 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1 , 148 
USPQ 459 (1966), that are applied for establishing a background for determining 
obviousness under 35 U.S.C. 103(a) are summarized as follows: 

1 . Determining the scope and contents of the prior art. 

2. Ascertaining the differences between the prior art and the claims at issue. 

3. Resolving the level of ordinary skill in the pertinent art. 



Application/Control Number: 10/684,400 Page 4 

Art Unit: 2431 

4. Considering objective evidence present in the application indicating 
obviousness or nonobviousness. 

Claims 34, 36, 37, 39, 41 , 42, 44 and 45 are rejected under 35 U.S.C. 103(a) as 
being unpatentable over United States Patent No. 6,061 ,799 to Eldridge et al., 
hereinafter Eldridge and further in view of United States Patent No. 6,754,349 to Arthan, 
hereinafter Arthan and further in view of United States Patent No. 7,434,251 to Ooi et 
al., hereinafter Ooi. 

5. Regarding claim 34, Eldridge discloses a password recovery system for re- 
supplying a password, said password recovery system comprising: 
a communication terminal device for receiving a predetermined service via a network 
using the password (Figures 1 , 7 and 8, column 1 , lines 66 and 67, column 2, lines 1 -3, 
9-18 and 64-67, column 3, lines 1-6 and column 7, lines 18-34, "a process of password 
authentication"); 

a portable recording medium for storing the password, the portable recording medium 
being coupled to said communication terminal device (column 2, lines 9-18 and 31-47, 
column 8, lines 63-67 and column 9, lines 1-13, "PCMCIA card" and "SMART card" and 
lines 28-35), 

wherein said communication terminal device comprises: 

a controller for receiving from an external communication terminal device a signed data 
set, the external communication terminal device guaranteeing legitimacy of the user of 
said communication terminal device and generating the signed data set with a secret 
key, and for outputting to said portable recording medium the received signed data set 
when said portable recording medium is coupled to said communication terminal device 
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(Figures 3A, 3B and 6B, column 1 , lines 66 and 67, column 2, lines 1 -8, 31 -47 and 64- 
67, column 3, lines 1-10, column 4, lines 62-67, column 5, lines 1-24, "one type of 
encryption key suitable for use as secret parameter 302 is a RSA private encryption 
key", column 7, lines 1 9-34, column 8, lines 63-67 and column 9, lines 1-13), 
wherein said portable recording medium comprises: 

a memory for storing a public key corresponding to the secret key (column 2, lines 31 - 
67, "plurality of keys stored on the medium"); 

a controller for inputting from said communication terminal device the signed data set, 
and for judging using the public key and the signed data set whether the signed data set 
is signed by the external communication terminal device, wherein said controller of said 
portable medium recovers the same password as the password stored in said memory 
of said portable recording medium when it is judged that the signed data set is signed 
by the external communication terminal device, and outputs the recovered password to 
said communication terminal device (column 5, lines 35-67, column 6, lines 1-11, 
column 7, lines 49-67 and column 8, lines 1-12, "posts the complementary 
authentication information to server process 216 or another server within the same 
domain so that the server will receive information sufficient to allow the client process to 
prove knowledge of the password"), 

wherein said controller of said portable recording medium does not recover the same 
password as the password stored in said memory of said portable recording medium 
when it is judged that the signed data set is not signed by the external communication 
terminal device (Figure 5, element 506, "match?", Figure 7, element 708, "match?" and 
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Figure 8, element 814, "match?", column 3, lines 2-10, "the apparatus comprises 
authorization logic responsive to one of the plurality of passwords and the secret 
parameter for allowing access by the identified client process", column 5, lines 39-48, 
"the term 'key' may refer to any data or authentication information which is currently 
used by a process to partake in an authentication protocol. For example, keys 308 may 
comprise a password itself, a one-way hash of a password, a public key corresponding 
to a private key derived from data including the password...", column 7, lines 34-39, "If 
the public key identifier received from process 216 does not match any of the public key 
identifiers 308C stored within ID file 300, the attempt to access server process 216 fails 
and the authentication process terminates" and column 10, lines 23-54, "If no match 
occurs, the process ends"). 

6. Eldridge discloses the password recovery system of the claimed invention, as 
cited above. However, Eldridge does not disclose the claim language found within 
independent claim 34, as well as within independent claims 37, 42 and 45 pertaining to 
"based on an indication for recovering the password from a user of said communication 
terminal device when the user forgets the password". Arthan discloses this claim 
language, as cited below. 

7. Regarding claims 34, 37, 42 and 45, Arthan discloses the claim language of 
based on an indication for recovering the password from a user of said communication 
terminal device when the user forgets the password (column 4, lines 17-27, "is 
obtainable even if the password is forgotten" and lines 33-45). 
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8. The motivation to combine to provide "a recovery process whereby key or other 
secret material, loaded under password protection onto a removable storage medium 
which is to be inserted into the first site computer when required, is obtainable even if 
the password is forgotten or the storage medium is faulty" (Arthan- column 4, lines 17- 
22). 

9. Therefore, it would have been obvious to one of ordinary skill in the art at the 
time the invention was made to incorporate the teachings of Arthan within the teachings 
of Eldridge so that "if the password is forgotten or the storage medium proves to be 
faulty, the first site computer will be unusable since the recovery key, required for 
decryption purposes, will not be available to it directly" (Arthan - column 4, lines 42-45). 

1 0. Eldridge and Arthan disclose the claimed invention, as cited above. However, 
they do not disclose the claim language found within independent claim 34, as well as 
within independent claims 37, 42 and 45 pertaining to "said judging being performed 
solely by said controller of said portable recording medium". Ooi discloses said claim 
language, as cited below. 

1 1 . Regarding claims 34, 37, 42 and 45, Ooi discloses said judging being performed 
solely by said controller of said portable recording medium (Figure 7, column 3, lines 

61 -67, "both first storage unit 1 6 and second storage unit 22 may be one of a number of 
mass storage devices, including hard drives, floppy disks, or removable flash memory 
devices, such as the ThumbDrive portable flash memory device", column 4, lines 1 -3, 
11-14, "Access to second storage unit 22 is permitted only if password 12 is verified" 
and lines 49-56 and column 6, lines 41 -52). 
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1 2. The motivation to combine that "it is extremely desirable to have an anti-piracy 
system that cannot be easily re-programmed or bypassed by computer hackers and 
other digital pirates" (Oo/- column 2, lines 17-19). 

1 3. Therefore, it would have been obvious to one of ordinary skill in the art at the 
time the invention was made to incorporate the teachings to Ooi with the teachings of 
Eldridge and Arthan because "it is also desirable to have an anti-piracy system that can 
be integrated with existing mass storage devices" (Ooi- column 2, lines 19-21). 

14. Eldridge and Arthan disclose the claimed password recovery system, as cited 
above. However, Eldridge and Arthan do not disclose the additional judgment means 
within the claimed "memory of said portable recording medium" utilized by "said 
controller or said portable recording medium" of dependent claim 36. Ooi discloses 
these features, as cited below. 

1 5. Regarding claim 36, Ooi discloses wherein said memory of said portable 
recording medium stores a predetermined number indicating a number of the signed 
data set that is required to recover the password (Figure 7, column 3, lines 61 -67, "both 
first storage unit 1 6 and second storage unit 22 may be one of a number of mass 
storage devices, including hard drives, floppy disks, or removable flash memory 
devices, such as the ThumbDrive portable flash memory device"), 

and wherein said controller of said portable recording medium counts a number of the 
signed data set when it is judged that the signed data set is signed by the external 
communication terminal device, recovers the same password as the password stored in 
said memory of said portable recording medium when the counted number of the signed 
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data set reaches the predetermined number stored in said memory of said portable 
recording medium, and outputs the recovered password to said communication terminal 
device (Figure 5, element 206, column 4, lines 1 1-24, "Access to second storage unit 22 
is permitted only if password 12 is verified" and lines 28-35, column 5, lines 20-27 and 
column 6, lines 41 -50 and 55-66). 

1 6. The motivation to combine would be that an "authentication algorithm 26 is 
preferably implemented on hardware or firmware (such as ROM unit 18) so that it is 
tamper resistant, that is, authentication algorithm 26 will be extremely difficult to reverse 
engineer or extract data from, and therefore extremely difficult to bypass" {Ooi- column 
4, lines 31 -35). 

1 7. Therefore, it would have been obvious to one of ordinary skill in the art at the 
time the invention was made to incorporate the teachings to Ooi with the teachings of 
Eldridge and Arthan because "it is also desirable to have an anti-piracy system that can 
be integrated with existing mass storage devices" {Ooi- column 2, lines 19-21). 

1 8. Regarding claim 37, Eldridge discloses a communication terminal device for re- 
supplying a password to a user of the communication terminal device and for receiving 
a predetermined service via a network using the password, wherein a portable 
recording medium is coupled to said communication terminal device, the portable 
recording medium storing the password (column 5, lines 35-67, column 6, lines 1-11, 
column 7, lines 49-67 and column 8, lines 1 -1 2, "posts the complementary 
authentication information to server process 216 or another server within the same 
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domain so that the server will receive information sufficient to allow the client process to 

prove knowledge of the password"), 

said communication terminal device comprising: 

a controller for receiving from an external communication terminal device a signed data 
set, the external communication terminal device guaranteeing legitimacy of the user of 
said communication terminal device and generating the signed data set with a secret 
key, and for outputting to the portable recording medium the received signed data set 
when the portable recording medium is coupled to said communication terminal device 
(Figure 4, column 2, lines 31 -67, column 3, lines 1 -1 0, column 4, lines 62-67, column 5, 
lines 1 -14 and 35-55, column 6, lines 44-67 and column 7, lines 1 -1 4), 
wherein the portable recording medium comprises: 

a memory for storing the password and a public key corresponding to the secret 
key (Figures 3A and 6B, column 2, lines 31 -67, "plurality of keys stored on the 
medium") ; 

a controller for inputting from said communication terminal device the signed data set, 
and for judging, using the public key and the signed data set, whether the signed data 
set is signed by the external communication terminal device, wherein the controller of 
the portable recording medium recovers the same password as the password stored in 
the memory of the portable recording medium when it is judged that the signed data set 
is signed by the external communication terminal device, and outputs the recovered 
password to said communication terminal device (Figures 3A, 3B and 6B, column 1 , 
lines 66 and 67, column 2, lines 1-8, 31-47 and 64-67, column 3, lines 1-10, column 4, 
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lines 62-67, column 5, lines 1-24, "one type of encryption key suitable for use as secret 
parameter 302 is a RSA private encryption key", column 7, lines 19-34, column 8, lines 
1-12, "posts the complementary authentication information to server process 216 or 
another server within the same domain so that the server will receive information 
sufficient to allow the client process to prove knowledge of the password" and lines 63- 
67 and column 9, lines 1-13), 

wherein the controller of the portable recording medium does not recover the same 
password as the password stored in the memory of the portable recording medium 
when it is judged that the signed data set is not signed by the external communication 
terminal device (Figure 5, element 506, "match?", Figure 7, element 708, "match?" and 
Figure 8, element 814, "match?", column 3, lines 2-10, "the apparatus comprises 
authorization logic responsive to one of the plurality of passwords and the secret 
parameter for allowing access by the identified client process", column 5, lines 39-48, 
"the term 'key' may refer to any data or authentication information which is currently 
used by a process to partake in an authentication protocol. For example, keys 308 may 
comprise a password itself, a one-way hash of a password, a public key corresponding 
to a private key derived from data including the password...", column 7, lines 34-39, "If 
the public key identifier received from process 216 does not match any of the public key 
identifiers 308C stored within ID file 300, the attempt to access server process 216 fails 
and the authentication process terminates" and column 10, lines 23-54, "If no match 
occurs, the process ends"). 
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1 9. Regarding claim 39, Eldridge discloses wherein the memory of the portable 
recording medium stores a predetermined number indicating a number of the signed 
data set that is required to recover the password (Figure 4, column 2, lines 31 -67, 
column 3, lines 1 -1 0, column 4, lines 62-67, column 5, lines 1 -14 and 35-55, column 6, 
lines 44-67 and column 7, lines 1 -1 4), 

wherein the controller of the portable recording medium counts a number of the signed 
data set when it is judged that the signed data set is signed by the external 
communication terminal device, recovers the same password as the password stored in 
the memory of the portable recording medium when the counted number of the signed 
data set reaches the predetermined number stored in the memory of the portable 
recording medium, and outputs the recovered password to said communication terminal 
device (Figures 3A, 3B and 6B, column 1 , lines 66 and 67, column 2, lines 1 -8, 31 -47 
and 64-67, column 3, lines 1-10, column 4, lines 62-67, column 5, lines 1-24, column 7, 
lines 19-48, column 8, lines 63-67 and column 9, lines 1-13 and 28-35). 

20. Regarding claim 41 , Eldridge discloses a memory for storing a piece of 
application software corresponding to the recovered password output from the portable 
recording medium, wherein said controller of said communication terminal device 
performs the piece of the application software using the recovered password (column 1 , 
lines 66 and 67, column 2, lines 1-8, 31-47 and 64-67, column 3, lines 1-10, column 4, 
lines 62-67, column 5, lines 1 -24 and lines 35-67, column 6, lines 1-11, column 7, lines 
19-67, column 8, lines 1-12, "posts the complementary authentication information to 
server process 216 or another server within the same domain so that the server will 
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receive information sufficient to allow the client process to prove knowledge of the 
password" and lines 63-67 and column 9, lines 1-13 and 28-35). 
21 . Regarding claim 42, Eldridge discloses a portable recording medium capable of 
being coupled to a communication terminal device for receiving a predetermined service 
via a network using a password and for re-supplying the password to a user of the 
communication terminal device, the communication terminal device receiving from an 
external communication terminal device a signed data set, the external communication 
terminal device guaranteeing legitimacy of the user of the communication terminal 
device and generating the signed data set with a secret key, and for outputting to said 
portable recording medium the received signed data set when said portable recording 
medium is coupled to the communication terminal device (Figures 3A, 3B and 6B, 
column 1 , lines 66 and 67, column 2, lines 1 -8, 31 -47 and 64-67, column 3, lines 1 -1 0, 
column 4, lines 62-67, column 5, lines 1 -24 and 56-67, column 7, lines 1 -1 1 and 1 9-48, 
column 8, lines 63-67 and column 9, lines 1-13 and 28-35), 
said portable recording medium comprising: 

a memory for storing the password and a public key corresponding to the secret key 
(Figures 3A, 3B, 6B, column 1 , lines 66 and 67, column 2, lines 1 -8, 31 -47 and 64-67, 
column 3, lines 1 -1 0, column 4, lines 62-67, column 5, lines 1 -24, "one type of 
encryption key suitable for use as secret parameter 302 is a RSA private encryption 
key", column 7, lines 19-48, column 8, lines 63-67 and column 9, lines 1-13 and 28-35); 
and a controller for inputting from the communication terminal device the signed data 
set, for judging using the public key and the signed data set whether the signed data set 
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is signed by the external communication terminal device, wherein said controller 
recovers the same password as the password stored in said memory of said portable 
recording medium when it is judged that the signed data set is signed by the external 
communication terminal device, and outputs the recovered password to the 
communication terminal device (column 1 , lines 66 and 67, column 2, lines 1 -8, 31 -47 
and 64-67, column 3, lines 1-10, column 4, lines 62-67, column 5, lines 1-24 and lines 
35-67, column 6, lines 1-11, column 7, lines 1 9-67, column 8, lines 1 -12, "posts the 
complementary authentication information to server process 216 or another server 
within the same domain so that the server will receive information sufficient to allow the 
client process to prove knowledge of the password" and lines 63-67 and column 9, lines 
1-13 and 28-35), 

wherein said controller does not recover the same password as the password stored in 
said memory of said portable recording medium when it is judged that the signed data 
set is not signed by the external communication terminal device (Figure 5, element 506, 
"match?", Figure 7, element 708, "match?" and Figure 8, element 814, "match?", column 
3, lines 2-10, "the apparatus comprises authorization logic responsive to one of the 
plurality of passwords and the secret parameter for allowing access by the identified 
client process", column 5, lines 39-48, "the term 'key' may refer to any data or 
authentication information which is currently used by a process to partake in an 
authentication protocol. For example, keys 308 may comprise a password itself, a one- 
way hash of a password, a public key corresponding to a private key derived from data 
including the password...", column 7, lines 34-39, "If the public key identifier received 
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from process 216 does not match any of the public key identifiers 308C stored within ID 
file 300, the attempt to access server process 216 fails and the authentication process 
terminates" and column 10, lines 23-54, "If no match occurs, the process ends"). 

22. Regarding claim 44, Eldridge discloses wherein said memory stores a 
predetermined number indicating a number of the signed data set that is required to 
recover the password (Figure 4, column 2, lines 31 -67, column 3, lines 1 -1 0, column 4, 
lines 62-67, column 5, lines 1-14 and 35-55, column 6, lines 44-67 and column 7, lines 
1-14), 

wherein said controller counts a number of the signed data set when it is judged that the 
signed data set is signed by the external communication terminal device, recovers the 
same password as the password stored in said memory of said portable recording 
medium when the counted number of the signed data set reaches the predetermined 
number stored in said memory of said portable recording medium, and outputs the 
recovered password to the communication terminal device (Figures 3A, 3B and 6B and 
column 1 , lines 66 and 67, column 2, lines 1 -8, 31 -47 and 64-67, column 3, lines 1 -1 0, 
column 4, lines 62-67, column 5, lines 1-24, column 7, lines 19-48, column 8, lines 63- 
67 and column 9, lines 1-13 and 28-35). 

23. Regarding claim 45, Eldridge teaches a password recovery method for re- 
supplying a password using a communication terminal device and a portable recording 
medium coupled to the communication terminal device, the communication terminal 
device receiving a predetermined service via a network using the password, and the 
portable recording medium storing the password, the method comprising: 
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receiving, at the communication terminal device, from an external communication 
terminal device a signed data set, the external communication terminal device 
guaranteeing legitimacy of the user of the communication terminal device and 
generating the signed data set with a secret key (Figures 3A, 3B and 6B, column 1 , 
lines 66 and 67, column 2, lines 1-8, 31-47 and 64-67, column 3, lines 1-10, column 4, 
lines 62-67, column 5, lines 1 -24 and 56-67, column 7, lines 1 -1 1 and 1 9-48, column 8, 
lines 63-67 and column 9, lines 1-13 and 28-35); 

outputting, at the communication terminal device, to the portable recording medium the 
received signed data set when the portable recording medium is coupled to the 
communication device (column 1, lines 66 and 67, column 2, lines 1-8, 31-47 and 64- 
67, column 3, lines 1-10, column 4, lines 62-67, column 5, lines 1 -24 and lines 35-67, 
column 6, lines 1-11, column 7, lines 1 9-67, column 8, lines 1 -12, "posts the 
complementary authentication information to server process 216 or another server 
within the same domain so that the server will receive information sufficient to allow the 
client process to prove knowledge of the password" and lines 63-67 and column 9, lines 
1-13 and 28-35); 

storing, at the portable recording medium, the password and a public key corresponding 
to the secret key (Figures 3A, 3B and 6B, column 2, lines 31-67, "plurality of keys stored 
on the medium" and column 5, lines 41-48); 

inputting, at the portable recording medium, from the communication terminal device the 
signed data set (Figure 4, column 2, lines 31-67, column 3, lines 1-10, column 4, lines 
62-67, column 5, lines 1-14 and 35-55, column 6, lines 44-67 and column 7, lines 1-14); 
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and judging, at the portable recording medium, using the public key and the signed data 
set whether the signed data set is signed by the external communication terminal 
device, (Figures 3A, 3B and 6B, column 1 , lines 66 and 67, column 2, lines 1 -8, 31 -47 
and 64-67, column 3, lines 1-10, column 4, lines 62-67, column 5, lines 1-24, "one type 
of encryption key suitable for use as secret parameter 302 is a RSA private encryption 
key", column 7, lines 19-48, column 8, lines 63-67 and column 9, lines 1-13 and 28-35), 
wherein, when it is judged by said judging that the signed data set is signed by the 
external communication terminal device, the portable recording medium recovers the 
same password as the password stored in the memory of the portable recording 
medium, and outputs the recovered password to the communication terminal device 
(column 5, lines 35-67, column 6, lines 1-11, column 7, lines 49-67 and column 8, lines 
1-12, "posts the complementary authentication information to server process 216 or 
another server within the same domain so that the server will receive information 
sufficient to allow the client process to prove knowledge of the password"), 
wherein, when it is judged by said judging that the signed data set is not signed by the 
external communication terminal device, the portable recording medium does not 
recover the same password as the password stored in the memory of the portable 
recording medium (Figure 5, element 506, "match?", Figure 7, element 708, "match?" 
and Figure 8, element 814, "match?", column 3, lines 2-10, "the apparatus comprises 
authorization logic responsive to one of the plurality of passwords and the secret 
parameter for allowing access by the identified client process", column 5, lines 39-48, 
"the term 'key' may refer to any data or authentication information which is currently 
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used by a process to partake in an authentication protocol. For example, keys 308 may 
comprise a password itself, a one-way hash of a password, a public key corresponding 
to a private key derived from data including the password...", column 7, lines 34-39, "If 
the public key identifier received from process 216 does not match any of the public key 
identifiers 308C stored within ID file 300, the attempt to access server process 216 fails 
and the authentication process terminates" and column 10, lines 23-54, "If no match 
occurs, the process ends"). 

24. Claims 35, 38 and 43 are rejected under 35 U.S.C. 1 03(a) as being unpatentable 
over Eldridge, Arthan and Ooi, as applied to claims 34, 37 and 42, respectively, above, 
and further in view of United States Patent No. 6,947,571 to Rhoads et al., hereinafter 
Rhoads. 

25. Eldridge, Arthan and Ooi disclose the claimed invention, as applied to claims 35, 
38 and 43, respectively, as cited above. However, they fail to disclose the claim 
limitations of claims 35, 38 and 43 with respect to the claim language of "expiration 
period" and "date/time information". Rhoads discloses these claim limitations, as cited 
below. 

26. Regarding claims 35, 38 and 43, Rhoads discloses wherein said memory of said 
portable recording medium stores an expiration period for receiving the signed data set 
(column 54, lines 24-31 , column 66, lines 53-67 and column 67, lines 1-11), 

wherein the signed data set includes date/time information, the date/time information 
indicating a date and time at which the signed data set is generated at the external 
communication terminal device (column 67, lines 18-23), 
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wherein said controller of the portable recording medium judges using the public key 
and the signed data set whether the signed data set is signed by the external 
communication terminal device and whether the date/time information is within the 
expiration period stored in said memory, recovers the same password as the password 
stored in said memory of said portable recording medium when it is judged that the 
signed data set is signed by the external communication terminal device and that the 
date/time information is within the expiration period stored in said memory, and outputs 
the recovered password to said communication terminal device (column 54, lines 24-31 , 
column 55, lines 9-18, "each part may be assigned a unique password", column 61, 
lines 25-29, column 63, lines 2-10, column 66, lines 53-67, column 67, lines 1 -1 1 and 
column 77, lines 8-35). 

27. The motivation to combine would be that "if the previously used name and 
password are no longer valid, the user has to provide a valid name and password in 
order to continue embedding for the media owner" (Rhoads - column 77, lines 1 7-20). 

28. Therefore, it would have been obvious to one of ordinary skill in the art at the 
time the invention was made to incorporate the teachings of Rhoads with the teachings 
of Eldridge, Arthan and Ooi so that "access to the registration information is limited to 
only explicitly authorized accounts. Accounts are password protected" (Rhoads - 
column 55, lines 9-13). 

29. Claim 40 is rejected under 35 U.S.C. 103(a) as being unpatentable over Eldridge, 
Arthan and Ooi, as applied to claim 37 above, and further in view of United States 
Patent No. 6,820,204 to Desai et al., hereinafter Desai. 
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30. Eldridge, Arthan and Ooi disclose the claimed invention, as applied to claim 37, 
as cited above. However, they fail to disclose the claim limitation of claim 40 pertaining 
to "a display for displaying the recovered password output from the portable recording 
medium". Desai discloses this limitation, as cited below. 

31 . Regarding claim 40, Desai discloses a display for displaying the recovered 
password output from the portable recording medium (Figures 41 and 42, column 4, 
lines 32-67, "information exchange system and its storage system may be distributed 
across a plurality of devices", column 5, lines 66 and 67, column 6, lines 1 -25, column 9, 
lines 1 9-31 , column 1 5, lines 27-44 and 55-67, column 1 6, lines 1 -3, column 20, lines 
36-67, column 21, lines 1-9, column 22, lines 23-43, column 27, lines 35-67 and column 
28, lines 1-18). 

32. The motivation to combine would be to provide "a system and method for 
information exchange that provides control over the content of stored information, as 
well as control over the access to the stored information" (Desai - column 3, lines 35- 
41). 

33. Therefore, it would have been obvious to one of ordinary skill in the art at the 
time the invention was made to incorporate the teachings of Desai with the teachings of 
Eldridge, Arthan and Ooi in order "to allow each respective registered user to access, 
edit and manage the registered user's profile data through a network device" (Desai - 
column 3, lines 45-62). 

Conclusion 
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34. The prior art made of record and not relied upon is considered pertinent to 
applicant's disclosure. 

35. The following United States Patents are cited to further show the state of the art 
with respect to the recovery of data, such as: 

United States Patent No. 7,083,090 to Zuili which is cited to show a remote and 
universal smartcard authentication and authorization device. 

United States Patent No. 6,185,308 to Ando et al., which is cited to show a key 
recovery system. 

United States Patent No. 6,240,184 to Huynh et al., which is cited to show 
password synchronization. 

United States Patent No. 7,292,680 to Simpson, which is cited to show 
automated password recovery in an interactive voice response system. 

United States Patent No. 7,1 1 1 ,321 to Watts et al., which is cited to show a 
portable computer system with hierarchical and token-based security policies. 

United States Patent No. 6,940,980 to Sandhu, et al., which is cited to show a 
high security cryptosystem. 

United States Patent No. 6,792,536 to Teppler, which is cited to show a smart 
card system and methods for proving dates in digital files. 

United States Patent No. 7,469,341 to Edgett, et al., which is cited to show a 
method and system for associating a plurality of transaction data records generated in a 
service access system. 
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36. Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to JEREMIAH AVERY whose telephone number is 
(571)272-8627. The examiner can normally be reached on Monday thru Friday 8:30am- 
5pm. 

37. If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, William Korzuch can be reached on (571) 272-7589. The fax phone number 
for the organization where this application or proceeding is assigned is 571 -273-8300. 

38. Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a 
USPTO Customer Service Representative or access to the automated information 
system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 

/Jeremiah Avery/ 
Examiner, Art Unit 2431 
/Syed Zia/ 

Primary Examiner, Art Unit 2431 



